Tag Archives: Malware

FBI warns that ‘destructive’ malware attacks could hit the U.S.

In the wake of the recent Sony Pictures hack, the FBI has issued a confidential report urging businesses to remain vigilant against new malicious software that can be used to launch “destructive” cyberattacks.

OLYMPUS DIGITAL CAMERA

According to Reuters, the five-page confidential warning doesn’t specifically list the Sony incident. It does, however, name an attack that cybersecurity experts tell the news agency is a large-scale hack that took down the Hollywood company. While similar attacks have occurred in South Korea and throughout the Middle East, the latest is believed to “mark [the] first major destructive cyber attack waged against a company on U.S. soil.”

The “flash” FBI warning issued to businesses shared some insight and technical details around how malware works, as well as how to respond to  it, encouraging businesses to reach out to the FBI if they identified similar software.

“The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals,’ explained FBI spokesman Joshua Campbell.

101836927-178795084.530x298

Re/code has reported that Sony are probing the incident to see whether those responsible for carrying out the hack are working behalf of North Korea, and perhaps operating in China.

It is evident now more than ever, hardware-based solutions are necessary to protect every system and embedded design. As you can see from recent headlines, like BadUSB, hardware protection beats software protection every time. That’s because software is always subject to bugs, tampering and malware, just as the latest report warns. The protection provided by CryptoAuthentication is built directly into a device, and it is secured in tested hardware. Start safeguarding today!

ATM hackers have stolen millions with Tyupkin malware

A group of cyber criminals is using a piece of malware to steal millions in cash from ATMs around the world — without having to use a credit or debit card. Security firm Kaspersky Lab discovered the hack, which is enabled by entering a series of digits on the keypad, and currently affecting ATMs from a major manufacturer running Microsoft Windows 32-bit.

ATM-640

So far, Interpol has alerted countries in Europe, Latin America and Asia, and is now carrying out a widespread investigation into the recent string of hacks. While no details relating to the group behind the attacks, Kaspersky Lab has reason to believe that they have already stolen millions of dollars using the Backdoor.MSIL.Tyupkin malware.

“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software,” said Vicente Diaz, Kaspersky Lab Principal Security Researcher. “Now we are seeing the natural evolution of this threat with cybercriminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct Advanced Persistent Threat (APT)-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure.”

According to the researchers, the fact that many ATMs run on operating systems with known security vulnerabilities and the absence of security solutions is another problem that needs to be addressed immediately.

“Offenders are constantly identifying new ways to evolve their methodologies to commit crimes, and it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi,” explained Sanjay Virmani, Interpol Digital Crime Centre Director.

How the Tyupkin attack works

  • First, the criminals need to gain physical access to the ATMs, allowing them to insert a bootable CD that installs the malware.
  • Once the system is rebooted, the ATM is under the control of the gang.
  • The malware then runs in the background on an infinite loop awaiting a command.
  • The malware will accept commands only at specific times, on Sunday and Monday nights, making it harder to detect.
  • To activate the malware, a unique combination key based on random numbers is generated, to avoid the possibility of a member of the public accidentally entering a code.
  • The criminal carrying out the theft on the ground then receives a phone call from another member of the gang, who relays a session key based on the number shown on the ATM’s screen. This helps prevent members of the gang going at it alone.
  • When the session key is entered correctly, the ATM displays details of how much money is available in every cash cassette, allowing the attacker with physical access to select which cassette to steal from.
  • After this, the ATM dispenses 40 banknotes at a time from the chosen cassette.

Tyupkin_3

How to mitigate the attacks

You will notice from the description of the attack, it is all about booting bad software. Had the manufacturer of the ATMs would simply have installed a tiny, inexpensive and ultra-secure hardware CryptoAuthentication device on their ATM processor board, each time the software booted it would have been checked for authenticity. Every time. No exceptions. Even the slightest deviance from the original code would be detected by the CryptoAuthentication protected system and the bad code could not load. If the bad code does not load, the disgorgement of 40 bank notes at a time into the hands of thieves (or other crimes we don’t even know about yet) could not happen. Period.”The protection provided by CryptoAuthentication is built directly into the device, and it is secured in hardened, tested hardware. Hardware protection beats software protection every time. That is because software is always subject to bugs, tampering and malware, just as the Tyupkin and all the other attacks are proving. Again and again and again,” explained Bill Boldt, Senior Marketing Manager for Atmel’s Crypto Products.

The defense mechanism proposed here is extremely straightforward, and goes by the unimaginative yet highly descriptive name of “Secure Boot.” Though simple, given that it is hardware-based, it is incredibly strong.

“And, that is the lesson, Boldt adds. “One would think that financial institutions should know by now that they need to harden the targets with hardware, and not leave themselves and their customers exposed.”

With security at our core, Atmel’s hardware-based solutions to protect every system and embedded design. Start safeguarding today.